Method and apparatus for managing mobile subscriber identification information according to registration requests

ABSTRACT

Aspects of the subject disclosure may include, for example, a system that manages utilization of mobile subscriber identity information including enabling reuse of such information by a different communication device and/or re-authorizing use by a communication device that previously was authorized to utilize the information. Other embodiments are disclosed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/792,685 filed Feb. 17, 2020, which is a continuation of U.S. patentapplication Ser. No. 16/373,063 filed Apr. 2, 2019, now U.S. Pat. No.10,609,668, which is a continuation of U.S. patent application Ser. No.15/796,926 filed Oct. 30, 2017, now U.S. Pat. No. 10,299,238, which is acontinuation of U.S. patent application Ser. No. 15/237,098 filed onAug. 15, 2016, now U.S. Pat. No. 9,838,991. The contents of theforegoing are hereby incorporated by reference into this application asif set for herein in full.

FIELD OF THE DISCLOSURE

The subject disclosure relates to a method and apparatus for managingmobile subscriber identification information according to registrationrequests.

BACKGROUND

Mobile communication devices register with networks so that the devicescan provide communication services to subscribers. The registrationprocess requires exchanging messages between the mobile communicationdevice and network device(s), as well as exchanging messages betweennetwork devices.

As an example as illustrated in FIG. 1 , a device can provide mobilesubscriber identification information to the network at 101 which isreceived by a registration function (e.g., a Home Location Register(HLR)). Various information can be exchanged on the network-side and ananalysis of the mobile subscriber identification information can beperformed resulting in a registration authorization being provided tothe device at 102.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made to the accompanying drawings, which are notnecessarily drawn to scale, and wherein:

FIG. 1 depicts an illustrative embodiment of a registration process inthe prior art;

FIG. 2 depicts an illustrative embodiment of a system that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIGS. 3-6 depict illustrative embodiments of registration processes usedin portions of the system described in FIG. 1 ;

FIG. 7 depicts an illustrative embodiment of a method that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIG. 8 depicts another illustrative embodiment of a system that providescommunication services and enables re-using mobile SubscriberIdentification Information by other devices;

FIG. 9 depicts an illustrative embodiment of a communication device thatcan be utilized in either or both of the systems of FIGS. 2 and 8 and/orcan be utilized during the method of FIG. 7 ; and

FIG. 10 is a diagrammatic representation of a machine in the form of acomputer system within which a set of instructions, when executed, maycause the machine to perform any one or more of the methods describedherein.

DETAILED DESCRIPTION

The subject disclosure describes, among other things, illustrativeembodiments for managing utilization of mobile subscriber identityinformation referred to herein as an International Mobile SubscriberIdentity (IMSI). The system and methods described herein can enablereuse of an IMSI by a different communication device and/orre-authorizing use by a communication device that previously wasauthorized to utilize the IMSI. In one or more embodiments, thecommunication devices can be end user devices, or other devicesincluding Machine-to-Machine (M2M) or Internet of Things (IoT) devices.Other embodiments are described in the subject disclosure.

One or more aspects of the subject disclosure is a method that includesreceiving, by an identity proxy function executed by a processing systemincluding a processor, a registration request associated with acommunication device where the registration request includes aninternational mobile subscriber identity of the communication device.The method can include accessing, by the identity proxy function,information that identifies a group of international mobile subscriberidentities and that indicates a subset of the group of internationalmobile subscriber identities that have been reassigned to othercommunication devices. Responsive to a first determination that theinternational mobile subscriber identity is not included in the group ofinternational mobile subscriber identities or a second determinationthat the international mobile subscriber identity is included in thesubset of the group of international mobile subscriber identities,providing, by the identity proxy function, the registration request to aregistration function for completing a registration process for thecommunication device that enables communication services at thecommunication device.

One or more aspects of the subject disclosure can include a devicehaving a processing system including a processor and a memory thatstores executable instructions that, when executed by the processingsystem, facilitate performance of operations. The operations can includereceiving an international mobile subscriber identity of a communicationdevice. The operations can include accessing information that identifiesa group of international mobile subscriber identities and that indicatesa subset of the group of international mobile subscriber identities thathave been reassigned to other communication devices. Responsive to afirst determination that the international mobile subscriber identity isincluded in the subset of the group of international mobile subscriberidentities and that the communication device is not one of the othercommunication devices that has received a reassignment of one of thesubset of the group of international mobile subscriber identities, theoperations can include providing (e.g., via an identity provisioningfunction) the communication device with provisioning information thatdisables use of the international mobile subscriber identity by thecommunication device.

One or more aspects of the subject disclosure includes amachine-readable storage medium, comprising executable instructionsthat, when executed by a processing system of a communication devicethat includes a processor, facilitate performance of operations. Theoperations include providing a registration request that is received byan identity proxy function operating in a server, where the registrationrequest includes a first international mobile subscriber identity of thecommunication device. The operations can include, responsive to adetermination that the first international mobile subscriber identityhas been reassigned to another communication device and that thecommunication device is not the other communication device, receiving,(e.g., from an identity provisioning function), provisioning informationthat includes a second international mobile subscriber identity. Theoperations can include facilitating a registration process that utilizesthe second international mobile subscriber identity and that enablescommunication services at the communication device.

FIG. 2 depicts an illustrative embodiment of a communication system 200(e.g., a Global System for Mobile Communications (GSM) system) thatprovides communication services such as to a communication device 210.The communication device 210 can be various types of devices such as amobile phone or other devices that utilize an IMSI for establishingcommunication services. The types of communication services can varyincluding voice services, video, data and/or messaging. System 200enables IMSI re-use by the same or other communication devices throughuse of an identity proxy function 250 and an identity provisioningfunction 350.

System 200 can include various components that facilitate providing thecommunication services, such as a Base Station Subsystem (BSS) thatperforms various functions (e.g., allocation of radio channels, paging,transmitting and receiving over the air interface). The BSS can includea Base Transceiver Station (BTS) 220 which can include equipment fortransmitting and receiving radio signals, antennas, and equipment forencrypting and decrypting communications with a Base Station Controller(BSC) 230. The BSC 230 can serve several different frequencies anddifferent sectors of a cell. System 200 can include a core network withother components such as a Mobile Switching Center (MSC) 240, a VisitorLocation Register (VLR) 245, a Home Location Register (HLR) 260, anAuthentication Center (AUC) 270, and an Equipment Identity Register(EIR) 270.

The MSC 240 can be a primary service delivery node that is responsiblefor routing voice calls and SMS, as well as other services, such asconference calls, FAX and circuit switched data. The VLR 245 can be adatabase of subscribers that have roamed into a jurisdiction of aparticular MSC served by that VLR. The VLR 245 is illustrated as astand-alone device but can be integrated with the MSC 240. The a 260 canbe a central database that contains details of each mobile phonesubscriber that is authorized to use the core network. In one or moreembodiments, the HLRs can store details of Universal Integrated CircuitCards (UICCs) (e.g., Subscriber Identity Module (SIM) cards) issued bythe mobile phone operator. In one or more embodiments, IMSIs can beunique identifiers which are the primary key to each HLR record. In oneor more embodiments, MSISDNs, which are the telephone numbers used bymobile phones to make and receive calls, can also be a primary key to aparticular HLR record. Other data can be stored in the HLR 260 (e.g.,indexed to a particular IMSI), such as communication services that thesubscriber has requested or is authorized to utilize, GPRS settings toallow the subscriber to access packet services, a current location ofsubscriber call divert settings applicable for each associated MSISDN,and so forth.

The AUC 270 can perform a function to authenticate each UICC thatattempts to connect to the core network (e.g., when the phone is poweredon). Once the authentication is successful, the HLR 260 can manage theUICC and authorized communication services. The EIR 280 can maintain alist of mobile phones (e.g., identified by their International MobileStation Equipment identity (a)) which are to be monitored or are to beprohibited from utilizing the network. The EIR 280 can be a databasethat contains information about the identity of the mobile equipmentthat prevents calls from stolen, unauthorized or defective mobilestations. In one or more embodiments, the EIR 280 can log handsetattempts that are stored in a log file. The EIR 280 is illustrated as astand-alone device but can be integrated with the HLR 260. System 200can include other features such as an Operations and Maintenance Center(OMC) that enables or otherwise facilitates the operation,administration and maintenance of a GSM network.

The communication system 200 can provide Over-The-Air (OTA) technologyto communicate with, download applications to, and manage a UICC withoutbeing connected physically to the UICC. As an example, an OTA gateway280 can communicate with a Short Message Service Center (SMSC) 290 fordelivering provisioning information to the communication device 210, aswell as propagating information to other network elements. For instance,OTA gateway 280 can transform information (e.g., service requests,provisioning information, and so forth) into short messages which areprovided to the SMSC 290 for delivery to the communication device 210.In one embodiment, the OTA gateway 280 receives service requests througha gateway API that indicates the actual UICC to modify, update, and/oractivate. In one embodiment, the OTA gateway 280 can have a UICCdatabase that indicates for each UICC, the vendor, a UICC identificationnumber, the IMSI and the MSISDN. In one embodiment, the service requestcan be formatted by the OTA gateway 280 into a message that can beunderstood by the recipient UICC, such as through use of librariesaccessible to (or stored by) the OTA gateway that contain the formats touse for each brand of UICC. The resulting formatted message can then besent to the SMSC 290 for delivery.

The identity proxy function 250 can be a stand-alone device (e.g.,positioned between the BSS and the MSC 240), or can be integrated withother components of the system 200 such as being executed by a serverthat also executes the MSC/VLR functions. In one or more embodiments,the identity proxy function 250 is configured so that information (e.g.,a registration request) being sent to a registration function (e.g., theHLR 260) is intercepted or otherwise first received by the identityproxy function prior to being received by the MSC 240, the VLR 245 andthe HLR 260. The particular positioning of the identity proxy function250 with respect to other network elements can vary provided that theidentity proxy function maintains its ability to manage use and re-useof IMSIs. In one embodiment, a single identity proxy function 250 can beutilized for a set of MSC/VLR and HLR.

In another embodiment, multiple identity proxy functions 250 can beutilized for each set of MSC/VLR and HLR, where the identity proxyfunctions are positioned at various points in the core network such asbetween the BSS and the MSC 240 and between the VLR 245 and the HLR 260(shown as dashed lines in FIG. 2 ). In one embodiment where multipleidentity proxy functions 250 are utilized, they can communicate witheach other for implementing the management of the use and re-use of theIMSIs.

In one embodiment, an interface 255 can be established between theidentity proxy function 250 and other network components, such as theHLR 260. For example, the interface 255 can enable the identity proxyfunction 250 to communicate directly with the HLR 260 so as to bypasscommunication with the VLR. For instance and as described herein, theidentity proxy function 250 can simulate function(s) of the VLR 245 suchas SRES comparison, and the interface 255 can enable obtaining dataneeded for the SRES comparison.

System 200 can also include an identity provisioning function 350 forproviding information to various devices including the communicationdevice 210, and network element(s). In one embodiment, the identityprovisioning function 350 can maintain a listing of the designated IMSIsand can provision identity proxy functions throughout the network withthis listing. The identity provisioning function 350 can be a separatedevice that is in communication with the identity proxy function 250. Inone embodiment, the identity provisioning function 350 can provide forOTA provisioning of the communication device 210 via a registrationsimulation platform as described herein, as well as propagate otherinformation to various network elements (e.g., communicating notices ofreassigned IMSIs or other information to the HLR 260, the AUC 270 and/orthe EIR 280). In one embodiment, the identity provisioning function 350can be in communication with the OTA gateway 280 and can utilize theservices of the SMSC 290 to provision communication devices. Thefunctions performed by the identity proxy function 250 and the identityprovisioning function 350 in managing IMSI reuse can vary. In oneembodiment, the identity proxy function 250 can be utilized as a pointof IMSI screening and further determinations as to what steps should betaken to manage the particular IMSI can be made by the identityprovisioning function 350 based on a detection or screening messagereceived by the identity provisioning function 350 from the identityproxy function 250. In other embodiments, the identity proxy function250 can take a more active role in determinations of the appropriatesteps to be taken to manage the particular IMSI.

Referring to FIG. 3 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 can have access to a list ofIMSIs that are designated for potential reassignment or as havingalready been reassigned to another communication device. For instance,the identity provisioning function 350 can maintain the listing of thedesignated IMSIs at 301 and can provision identity proxy functionsthroughout the network with this listing at 302. The listing of thedesignated IMSIs can be generated based on various criteria.

This provisioning information associated with the IMSIs can be utilizedby the identity proxy function 250 to manage or otherwise facilitateregistration by communication devices and reuse of IMSIs. For example,the identity proxy function 250 can determine that an IMSI is notincluded in the listing of the designated IMSIs in which case aregistration request associated with that IMSI would be forwarded to theMSC 240 for completing a registration process.

As another example, the identity proxy function 250 can determine thatan IMSI is included in the listing of the designated IMSIs but is notincluded in the subset of IMSIs that has already been reassigned inwhich case the identity proxy function 250 would know that an originaldevice (which has been flagged as inactive) is attempting to registerwith the network. The identity proxy function 250 could then takeappropriate steps for providing service to the original device, such ascausing (e.g., via the identity provisioning function 350) reauthorizinguse of the IMSI if services are now authorized (e.g., payment ofservices has been received) or causing the providing of nullificationinformation to the original device (e.g., via the identity provisioningfunction 350, a registration simulation platform, the OTA 280 and/or theSMSC 290) to further cause use of the IMSI at the original device to bedisabled if services are not authorized or the device/UICC are notcompatible with current network service. In one or more embodiments, theidentity proxy function 250 can provide a notice to the identityprovisioning function of detection of a particular IMSI and the identityprovisioning function 350 can then take appropriate steps for managingthe reuse of IMSIs.

As another example, the identity proxy function 250 can determine thatan IMSI is included in the listing of the designated IMSIs and is alsoincluded in the subset of IMSIs (which have already been reassigned).Responsive to these determinations, a further determination can be madeas to whether the device is the original device associated with the IMSIprior to the reassignment or whether the device is the new device thathas been reassigned the IMSI. The identity proxy function 250 and/or theidentity provisioning function 350 could then take appropriate steps forallowing registration of the new device that has been reassigned theIMSI or for providing service to the original device. For instance,another IMSI can be reassigned (e.g., via the identity provisioningfunction 350) to the original device from the listing of designatedIMSIs (which has not already been reassigned) if services are nowauthorized (e.g., payment of services has been received). In anotherembodiment, nullification information can be provided to the originaldevice (e.g., via the identity provisioning function 350) to cause useof the original IMSI at the original device to be disabled, such aswhere another IMSI is to be reassigned to the original device.

In one embodiment, IMSIs can be designated for potential re-use due tosuspension of services for a subscriber such as for non-payment or foranother reason. In one embodiment, IMSIs can be designated for potentialre-use due to a lack of use of the IMSI (or the device having a UICCthat utilizes the IMSI) for a threshold time period, such as a mobilephone that has not attempted to register with a network (e.g., the GSMnetwork or some other network including LTE or UMTS) in six months. Inone embodiment, IMSIs can be designated for potential re-use accordingto a confirmation that the UICC has been damaged, lost, stolen and soforth. In one or more embodiments as the IMSIs are reassigned to otherdevices, those particular IMSIs can be further flagged as having beenreassigned (i.e., flagged as a subset of the list of designated IMSIs).The identity provisioning function 350 can keep the identity proxyfunction 250 (as well as other identity proxy functions throughout thenetwork) apprised of the list of designated IMSIs as well as the subsetof those IMSIs that have already been reassigned to anothercommunication device so that the identity proxy function 250 canaccurately perform an IMSI screening process when registration requestsare received.

Referring to FIG. 4 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, another communication device 410 can be reassigned an IMSI fromthe designated IMSIs where the IMSI was previously associated with thecommunication device 210 (which has been flagged as inactive). In thisexample at 401, the identity provisioning function 350 can receive arequest, be instructed or otherwise determine that the IMSI (in the listof designated IMSIs) is to be reassigned to the communication device410. The communication device 410 can be a new device that needs an IMSIto provide communication services or an existing device that requiresanother IMSI due to some other reason, such as having its own IMSIreassigned to a different device.

At 402, the identity provisioning function 350 can notify the HLR 260that the communication device 410 is now associated with the particularreassigned IMSI. This can include deleting an original IMSI assignmentfor the communication device 410 and/or adding the new IMSI assignmentfor the communication device 410 in the database of the HLR 260. In oneembodiment, this notification can cause the HLR 260 to perform adatabase update such as re-mapping to particular HLR records, adjustingmapping with respect to MSISDNs, adjusting an identification ofavailable communication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth.

At 403, the identity provisioning function 350 can notify the identityproxy function 250 that the communication device 410 is now associatedwith the particular reassigned IMSI. In one embodiment, the identityproxy function 250 can already be aware that the IMSI is part of a groupof IMSIs designated for potential reassignment and can already be awarethat the communication device 210 has been flagged as inactive. In thisexample, the identity proxy function 250 can switch a designation of theparticular IMSI to being flagged as within the subset of the designatedIMSIs that have already been reassigned to another device (i.e., thecommunication device 410 in this example).

Referring to FIG. 5 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 facilitates registration ofdevices that have been reassigned IMSIs by intercepting or otherwisereceiving registration requests, such as prior to the registrationrequest being provided to the MSC 240, the VLR 245 and the HLR 260. Forexample at 501, the communication device 410 (which has been reassignedan IMSI from the listing of designated IMSIs where the IMSI waspreviously associated with the communication device 210) can requestregistration with the network. A registration request including thereassigned IMSI can be received by the identity proxy function 250 whichdetermines whether or not the particular IMSI is part of the group ofdesignated IMSIs and whether a reassignment to another device hasalready occurred. In one embodiment, the identity proxy function 250and/or the identity provisioning function 350 can identify theparticular device requesting registration with the network. Forinstance, device identification information (e.g., an IMEI) can beobtained for the communication device 410, such as being received fromdevice 410 or from another source.

At 502, if the received IMSI is determined as having already beenreassigned to another device and if the communication device 410 isdetermined to be that other device then identity proxy function 250 canforward the registration request to the MSC/VLR (or another registrationfunction server) for processing of the registration of the communicationdevice 410. At 503 and 504, messaging associated with the registrationprocess can be exchanged such as between the HLR 260, the VLR 245, theidentity proxy function 250, and/or the communication device 410.

The particular messaging that makes up the registration request and theregistration process can vary. In one embodiment, the communicationdevice 410 can send a Channel Request message to the BSS on a RandomAccess Channel (RACH) and the BSS can respond on an Access Grant Channel(AGCH) with an Immediate Assignment message while assigning a StandAlone Dedicated Control Channel (SDCCH) to the communication device 410.The communication device 410 can switch to the assigned SDCCH and cansend a Location Update Request to the BSS. The communication device 410can send its IMSI to the BSS. The BSS can forward the Location UpdateRequest/IMSI a registration request) which is received or intercepted bythe identity proxy function 250 which determines whether the receivedIMSI is already reassigned to another device and if the communicationdevice 410 is that other device. If so, then the registration request isforwarded by the identity proxy function 250 to the MSC 240/VLR 245which in turns forwards the registration request to the HLR 260, alongwith a request for verification of the IMSI and a request forauthentication triplets (RAND, Kc, SRES). The HLR 260 can forward theIMSI to the AuC 270 and can request the authentication triplets. The AuC270 can generate the authentication triplets and can send them, alongwith the IMSI, back to the HLR 260. The HLR 260 can validate the IMSI byensuring it is allowed on the network and it is authorized forsubscriber services. The HLR 260 can then forward the IMSI and thetriplets to the VLR 245 which stores the SRES and the Kc, and can alsoforward the RAND to the BSS. The VLR 245 can utilize the BSS toauthenticate the communication device 410. The BSS can send thecommunication device 410 an Authentication Request message with the onlyauthentication parameter being sent in the message being the RAND. Thecommunication device 410 can use the RAND to calculate the SRES and cansend the SRES back to the BSS on the SDCCH in an AuthenticationResponse. The BSS can forward the SRES to the VLR 245 which compares theSRES generated by the AuC with the SRES generated by the communicationdevice. If the SRESs match then authentication is completedsuccessfully. The exemplary embodiments can also utilize other messagingtechniques and paths for registration of the communication device 410.

In one embodiment, the VLR 245 can forward the Kc for the communicationdevice 410 to the BSS where the Kc is not sent across the air interfaceto the communication device. The BSS can store the Kc and can forward aSet Cipher Mode command to the communication device 410 where thecommand only indicates which encryption to use. The communication device410 can switch to cipher mode using the particular encryption algorithm(e.g., A5) so that all transmissions are now enciphered and can send aCiphering Mode Complete message to the BSS. The VLR 245 can send aLocation Updating Accept message to the BSS and also generate a newTemporary Mobile Subscriber Identity (TMSI) for the communicationdevice. The BSS can send the TMSI to the communication device 410 whichcan respond with a TMSI Reallocation Complete message that is forwardedto the VLR 245. The BSS can instruct the communication device 245 to gointo idle mode by sending it a Channel Release message and can thende-assign the SDCCH. The VLR 245 can send an Update Location message tothe HLR 260 which records the particular MSC/VLR the communicationdevice is currently associated with.

In one embodiment such as where the identity proxy function 250 isunable to obtain device identity information (e.g., the IMEI) for thecommunication device 410, the identity proxy function 250 can simulatethe registration process to obtain information that enables discerningwhether the communication device 410 is the device that has beenreassigned the IMSI or is the original device that was previouslyassociated with the IMSI prior to the reassignment. As an example, theidentity proxy function 250 can simulate the registration process so asto obtain an SRES generated by the communication device 410. From thatgenerated SRES, the identity proxy function 250 can detect whether thecommunication device 410 is the device that has been reassigned the IMSIor is the original device that was previously associated with the IMSIprior to the reassignment. In this example, the identity proxy function250 can communicate with other necessary components for obtaining datathat is utilized in the registration process such as bypassing the VLR245 and communicating via the interface 255 with the HLR 260 to obtainthe authentication triplets. In this example, since the identity proxyfunction 250 requested the authentication triplets, the HLR 260 willobtain them from the AUC 270 and provide them back to the identity proxyfunction rather than providing them to the VLR 245. In one embodiment,the simulation of the registration process and the forcing of an SRESgeneration by the communication device 410 can be utilized to identifythe particular device according to a secret key (in combination with theRAND provided by the identity proxy function 250) that the communicationdevice would utilize in generating the SRES. The secret keys can beknown or otherwise accessible to the identity proxy function 250 so thatthe secret key could be utilized to detect which device is generatingthe registration request. As an example, the secret key can be usedduring multiple cryptographic operations which can include theauthentication of the device (e.g., in all networks) and the network(e.g., in UMTS and LTE).

In one embodiment, rather than utilizing the interface 255, system 200can utilize first and second identity proxy functions 250 that arepositioned between the communication device 210 and the MSC 240 andpositioned between the VLR 245 and the HLR 260, respectively. The firstand second identity proxy functions 250 can communicate with each other,such as to bypass the VLR 245 when the identity proxy functions 250 aresimulating a registration process and forcing the communication device410 to generate an SRES. In one embodiment, once the identity proxyfunction 250 has determined the identity of the device (original devicevs. new device), the identity proxy function 250 can require that thecommunication device perform a re-registration.

Referring to FIG. 6 which illustrates a portion of system 200 and may ormay not include intermediate network components in the message exchangepaths, the identity proxy function 250 facilitates registration ofdevices where the particular IMSI has been designated for potentialreassignment or has already been reassigned by intercepting or otherwisereceiving registration requests, such as prior to the registrationrequest being provided to the MSC 240, the VLR 245 and the HLR 260. Forexample at 601, the original device 210 can request registration withthe network. The original device 210 may have been flagged as inactive,such as for non-use over a threshold period of time, suspension ofservices for non-payment, a customer requesting discontinuation ofservices, and so forth. A registration request including the IMSI can bereceived by the identity proxy function 250 which determines whether ornot the particular IMSI is part of the group of designated IMSIs andwhether a reassignment has already occurred. In one embodiment, theidentity proxy function 250 can identify the particular devicerequesting registration with the network. For example, deviceidentification information (e.g., an IMEI) can be obtained for theoriginal device 210, such as being received from device 210 (e.g., inthe registration request). As another example, if the IMSI has not beenreassigned but is part of the IMSIs designated for potentialreassignment then the identity proxy function 250 can determine that thedevice requesting registration is the original device 210 that has beenflagged as inactive. The identification of the device can be based onsimulating the registration process and forcing a generation of an SRESby the communication device 210, as described herein.

In one embodiment, the identity proxy function 250 and/or the identityprovisioning function 350 can determine whether the original device 210is eligible for services. If the original device 210 is not eligible forservices (e.g., suspension of services for non-payment or other reasons,device/UICC is no longer compatible with network or services, and soforth) then the identity proxy function 250 can cause or otherwisefacilitate or enable provisioning information to be provided (e.g., viathe identity provisioning function 350) to the original device 210 tocause the original device to disable its use of the IMSI. In thisexample, the IMSI can then be removed from the designated listing ofIMSIs and can instead be included with other IMSIs (e.g., that havenever been used before) that are eligible for assignment.

In one embodiment, if the IMSI has not yet been reassigned then theidentity proxy function 250 and/or the identity provisioning function350 can determine whether to allow the original device 210 to utilizethat original IMSI, such as confirming that the subscriber is eligiblefor services (e.g., based on payment for services or other actions thatremoved a suspension of services). If the original device 210 ispermitted to utilize its IMSI, then identity proxy function 250 canforward the registration request (based on the original IMSI) to the MSC240/VLR 245 and can provide a notification (e.g., to the identityprovisioning function 350) to remove the IMSI from the listing ofdesignated IMSIs and to further adjust the status of the original device210 from an inactive status to an active status.

In one embodiment, if the IMSI has already been reassigned to anotherdevice then the identity proxy function 250 and/or the identityprovisioning function 350 can confirm that the subscriber of theoriginal device 210 is eligible for services and can obtain reassignmentof another IMSI (from the designated list of IMSIs) for the originaldevice. For example at 602, responsive to a determination that the IMSIhas already been reassigned to another device and a determination thatthe subscriber of the original device 210 is eligible for services thenthe identity proxy function 250 can provide a request to the identityprovisioning function 350 for another IMSI from the listing ofdesignated IMSIs (which is not in the subset of IMSIs that has alreadybeen reassigned) or the identity proxy function 250 can receive theother IMSI from the identity provisioning function 350 based on adetermination made by the identity provisioning function 350. In oneembodiment, the original device 210 can continue to utilize its originalsecret key (which is mapped to the original device by the network). Inone embodiment, the determination of eligibility for services can bemade by the identity provisioning function 350 such that the identityproxy function 250 transmits the request to the identity provisioningfunction 350 for another IMSI responsive to a determination that theIMSI has already been reassigned to another device and the identityprovisioning function 350 can approve or deny the request.

Continuing with this example at 603, the identity provisioning function350 can notify various network elements (e.g., the HLR 260) that thecommunication device 210 is now associated with the particularreassigned IMSI. This can include the HLR 260 deleting an original IMSIassignment for the communication device 210 and/or adding the new IMSIassignment for the communication device 210 in its database. In oneembodiment, this notification can cause the HLR to perform a databaseupdate such as re-mapping to particular HLR records, adjusting mappingwith respect to MSISDNs, adjusting an identification of availablecommunication services that the subscriber has requested or isauthorized to utilize, adjusting GPRS settings to allow the subscriberto access packet services, and so forth.

At 604, the identity provisioning function 350 can provide provisioninginformation to the communication device 210 via an OTA platform thatcauses the UICC to be adjusted so that the reassigned IMSI is nowutilized by the device for communication services. In one embodiment, tosend an OTA provisioning message to a device that has not completedregistration to a target network, a simulating network can be used tointercept (e.g., prior to being received by a VLR in GSM or an MME inLTE) and complete the registration. The simulating network can send anOTA message to the device that can cause the modification of the deviceIMSI and can cause the device to perform a re-registration to the targetnetwork. For example, the simulating network can comprise a set offunctional elements (e.g., registration simulation platform 675) thatexist in the target network. This can include an MSC/VLR, a MME, a HLRor HSS, an AUC, a SMSC, an OTA platform, a SGW, a PGW, an EIR and/or anycombination thereof. The AUC of registration simulation platform 675 cancontain the secret key of the device and the HSS/HLR can be provisionedto allow the device to register. Other pre-provisioning functions can beperformed. For instance, the registration simulation platform 675 can beintegrated into the identity proxy function 250 (illustrated in FIG. 6), the identity provisioning function 350 and/or can exist as astandalone device. In one embodiment, the identity provisioning function350 can become aware of the registration to the registration simulationplatform 675 by notification from the registration simulation platform675 and/or from the identity proxy function 250. In this example, theidentity provisioning function 350 can instruct the registrationsimulation platform 675 to perform an OTA to modify an IMSI of thatparticular device. The identity provisioning function 350 may provide anupdate to the identity proxy function 250 regarding the content of therequested OTA.

In another embodiment, the identity provisioning function 350 canprovide provisioning information to the communication device 210 via theOTA 280 and the SMSC 290 that causes the UICC to be adjusted so that thereassigned IMSI is now utilized by the device for communicationservices. In another embodiment at 605, the communication device 210 canthen attempt to re-register utilizing the reassigned IMSI. The identityproxy function 250 can receive the registration request for thecommunication device 210, which now includes the reassigned IMSI and at606-608 the registration process (via the VLR 245 and the HLR 260) canbe completed based on the reassigned IMSI. In one or more embodiments,the identity provisioning function 350 can provision a National SIMManager (NSM) with the reassigned IMSI for the original device where thesecret key of the original device is already known. In anotherembodiment, the identity provisioning function 350 can be integratedwith equipment of the NSM. In one embodiment, a billing system candetect the change in IMSI for the UICC and can provision some or allother network elements necessary for enabling call processing (e.g., HLR260, AUC 270).

FIG. 7 depicts an illustrative embodiment of a method 700 used by system200 for facilitating the re-use of IMSIs. One or more of the steps ofmethod 700 can be performed by the identity proxy function 250, theidentity provisioning function 350 and/or by other devices described inFIGS. 2-6 . At 702, an IMSI can be received that is associated with acommunication device. For instance, the IMSI can be part of aregistration request that is generated by or caused to be generated bythe communication device. At 704, a determination of the status of theISMI can be made. For example, the identity proxy function 250 candetermine whether the IMSI is included in a designated group of IMSIsand if so can further determine whether the IMSI is included in a subsetof the group which is further designated as having already beenreassigned to another communication device. If the IMSI is not part ofthe designated group of IMSIs then the registration process can becontinued by forwarding the registration request and/or IMSI to the MSC240/VLR 245 to perform the registration at 706. If on the other hand theIMSI is part of the designated group of IMSIs then a determination canbe made at 708 as to whether the registration request is for an originaldevice that was associated with the IMSI (e.g., prior to beingreassigned) or whether the registration request is for a new device thathas been reassigned the IMSI. The identification of the particulardevice can be performed in a number of different ways, such as based ondevice identification information (e.g., IMEI), simulating aregistration process to force an SRES generation by the device fromwhich the device identification can be determined, and so forth.

If the registration request and the IMSI are from a new device that hasbeen reassigned the IMSI then the registration process can be continuedby forwarding the registration request and/or IMSI to the MSC 240/VLR245 to perform the registration at 706. If on the other hand theregistration request and the IMSI are from an original device (e.g., adevice that the IMSI was previously associated with prior to being addedto the listing of designated IMSIs) then a determination can be made at710 as to whether the subscriber of the original device is eligible forcommunication services. Eligibility for services can be based on variousfactors and can be determined by various components or a combination ofcomponents, such as based on billing, device hardware requirements,device software requirements, and so forth. If the subscriber of theoriginal device is not eligible for communication services then at 712provisioning information can be provided to the original device (e.g.,via OTA provisioning by the identity provisioning function 350 such asthrough use of registration simulation platform 675) that causesdisabling the use of the particular IMSI by the original device. In oneembodiment, if the IMSI has not already been reassigned then it can beremoved from the listing of designated IMSIs and provided to anothercommunication device (e.g., the identity proxy function 250 can forwardthe IMSI automatically to the MSC 240/VLR 245 for completion ofregistration associated with a new device that utilizes the IMSI).

If on the other hand the subscriber of the original device is eligiblefor communication services then at 714 the original device can beauthorized to utilize the particular IMSI (e.g., if it is determinedthat the particular IMSI has not yet been reassigned) or the originaldevice can be provisioned with another IMSI (e.g., if it is determinedthat the original IMSI has already been reassigned to another device).In one embodiment, the new IMSI reassigned to the original device can beselected from the listing of designated IMSI (which is not included inthe subset of IMSIs that has already been reassigned). Method 700 canthen proceed to 706 where the registration process is completed.

While for purposes of simplicity of explanation, the respectiveprocesses are shown and described as a series of blocks in FIG. 7 , itis to be understood and appreciated that the claimed subject matter isnot limited by the order of the blocks, as some blocks may occur indifferent orders and/or concurrently with other blocks from what isdepicted and described herein. Moreover, not all illustrated blocks maybe required to implement the methods described herein.

In one or more embodiments, eligibility for services can be determinedaccording to a viability of the UICC. For example, if it is determinedthat the UICC is no longer compatible with the network (e.g., it cannotperform certain functions requested by the network or cannot facilitatecertain communication services) then the device/UICC can be designatedas being ineligible for service and provisioning information can be sentto the device (e.g., via registration simulation platform 675) tonullify or otherwise disable use of the IMSI by that device/UICC. In oneembodiment, if it is determined that the UICC is not viable or otherwiseis incompatible with the network then the subscriber of the originaldevice can be provided with a request to upgrade the UICC (which may ormay not utilize the same IMSI), such as forwarding a message includingan offer to the original device. In this example, the IMSI can beremoved from the listing of designated IMSIs. One or more of thedeterminations described with respect to any of the exemplaryembodiments can be made by the identity proxy function 250, the identityprovisioning function 350, or another network device.

FIG. 8 depicts an illustrative embodiment of a communication system 800(e.g., a Long Term Evolution (LTE) system) that provides communicationservices such as to a communication device 810. The communication device810 can be various types of devices such as a mobile phone or otherdevices that utilize an IMSI for establishing communication services.The types of communication services can vary including voice services,video, data and/or messaging. System 800 enables IMSI re-use by the sameor other communication devices through use of an identity proxy function850 and an identity provisioning function 899. System 800 can performmany of the same functions as described with respect to system 200including intercepting a registration request with an IMSI, determiningan identity of a device requesting registration, processing registrationrequests according to whether the IMSI is a designated IMSI and whetherthe IMSI has already been reassigned to another device, reassigning anIMSI to an original device that has come back online, reauthorizing useof an original IMSI for an original device that has returned to beingservice eligible, and so forth.

System 800 can utilize the identity proxy function 850 to performfunctions similar to those described with respect to the identity proxyfunction 250 of system 200 for facilitating the re-use of IMSIs. System800 can include various components that facilitate providing thecommunication services, including an eNodeB (eNB) 825 that functions ashardware that communicates directly wirelessly with mobile handsetssimilar to the BSS of the GSM network of system 200, a MobilityManagement Entity (MME) 840 that functions as a control-node for the LTEaccess-network, and a Home Subscriber Server (HSS) 860 that functions asa central database to contain user-related and subscription-relatedinformation and which provides user authentication and accessauthorization functionality. The HSS 860 is similar to the HLR 260 andAUC 270 of the GSM network of system 200. Other components can also beincluded in the system 800 such as an EIR, S-GW, PDN GW, ePDG, SGSN andso forth.

In one or more embodiments, the identity proxy function 850 can bepositioned between the eNB 825 and the MME 840 so that the IMSI isreceived by the identity proxy function 850 prior to being processed bythe MME 840. In one embodiment, an interface 855 can be establishedbetween the identity proxy function 850 and other network components,such as the HSS 860. For example, the interface 855 can enable theidentity proxy function 850 to communicate directly with the HSS 860 soas to bypass communication with the MME 840. For instance and asdescribed herein, the identity proxy function 850 can simulatefunction(s) of the MME 840 such as RES comparison and the interface 855can enable obtaining data needed for the RES comparison.

System 800 can utilize an identity provisioning function 899 forprovisioning information to the communication device 810, such as areassigned IMSI, nullification information that disables the use of anold IMSI at an original device, an offer to obtain a reassigned IMSI,and so forth. In one embodiment, identity provisioning function 899 canalso propagate other information to other network elements, such asnotifications that an IMSI from the listing of designated IMSIs has beenreassigned or has been removed from the IMSI, an inactive or activestatus change for a device, and so forth to various network elementssuch as the HSS 860, the EIR, and so forth. The provisioning orpropagation of information to the communication device 810 can beperformed in a number of different ways, including utilizing aregistration simulation platform (e.g., performing function similar tothat of registration simulation platform 675 in FIG. 6 , an OTA gateway880 and/or a messaging gateway 890. The functions performed by theidentity proxy function 850 and the identity provisioning function 899in managing IMSI reuse can vary. In one embodiment, the identity proxyfunction 850 can be utilized as a point of IMSI screening and furtherdeterminations as to what steps should be taken to manage the particularIMSI can be made by the identity provisioning function 899 based on adetection or screening message received by the identity provisioningfunction 899 from the identity proxy function 850. In other embodiments,the identity proxy function 850 can take a more active role indeterminations of the appropriate steps to be taken to manage theparticular IMSI.

In one embodiment, the HSS 860 can be provisioned with reassigned IMSIsto facilitate the registration of a new device that has received areassigned IMSI from an original device. In one embodiment, the identityproxy function 850 can simulate a registration process to force thecommunication device 810 to generate a RES (similar to the processdescribed with respect to FIG. 5 ) so that the identity proxy function850 can determine whether the device requesting registration is anoriginal device or a new device.

In one embodiment, the identity proxy function 850 can obtain an IMSI ofthe communication device 810 attempting to register and can determinethe identity of that device. Based upon the IMSI and the identity of thecommunication device 810, a determination can be made (e.g., by theidentity proxy function 850 and/or the identity provisioning function899) whether to allow the registration to proceed (to the MME 840),reassign an IMSI to the communication device, provide provisioninginformation that disables use of the IMSI by the communication deviceand/or take other appropriate actions to facilitate managing use andreuse of IMSI.

For example, the communication device 810 can initiate an attachprocedure by transmitting an attach request to the eNB 825 so that theeNB can derive the appropriate MME from the Radio Resource Control (RRC)parameters carrying the old Globally Unique Mobility Management EntityIdentifier (GUMMEI) and the indicated Selected Network. The attachrequest (i.e., registration request) can be received by the identityproxy function 850 (e.g., from the eNB 825). In one embodiment, theattach request can include a Globally Unique Temporary UE Identity(GUTI) which has the GUMMEI and also has the M-TMSI, which identifiesthe particular device. This identification allows the identity proxyfunction 850 to ascertain whether the particular device is a new devicethat has been reassigned the IMSI from the listing of designated IMSIsor is the original device that was previously associated with the IMSIprior to the reassignment. In this example, the identity proxy function850 can obtain the IMSI in a number of different ways. For example, ifthe communication device 810 identifies itself with a GUTI, then theGUTI can be used to derive the old MME/SGSN address, and anIdentification Request can be sent to the old MME/SGSN to request theIMSI. In another embodiment, the identity proxy function 850 can send anIdentity Request to the communication device 810 to request the IMSI.

In one embodiment such as where the identity proxy function 850 isunable to obtain device identity information (e.g., the GUTI) for thecommunication device 810, the identity proxy function 850 can simulatethe registration process of the MME 840 to obtain information thatenables discerning whether the communication device 810 is a new devicethat has been reassigned the IMSI or is the original device that waspreviously associated with the IMSI prior to the reassignment. As anexample, the identity proxy function 850 can simulate the registrationprocess of the MME 840 so as to obtain a RES generated by thecommunication device 810 according to an EPS AKA algorithm. From thatgenerated RES, the identity proxy function 850 can detect whether thecommunication device 810 is the new device that has been reassigned theIMSI or is the original device that was previously associated with theIMSI prior to the reassignment. In this example, the identity proxyfunction 850 can communicate with other necessary components forobtaining data that is utilized in the registration process (e.g. amutual authentication process) such as bypassing the MME 840 andcommunicating via the interface 855 with the HSS 860 to obtainauthentication vectors (e.g., RAND, AUTN, XRES, K_(ASME)). The HSS 860generates authentication vector(s) using the EPS AKA algorithm andforwards them back to the identity proxy function 850. The identityproxy function 850 can select one of the authentication vectors (if morethan one was received) and can use it to perform mutual authenticationwith the communication device 810 by forwarding the RAND and AUTN_(HSS)to the communication device, which then computes RES, AUTN_(UE) andK_(ASME) using the EPS AKA algorithm. The communication device 810 canthen compare its own AUTN_(UE) and AUTN_(HSS) received from the identityproxy function 850. Once authenticated, the communication device 810 canforward the RES to the identity proxy function 850, which can thendetermine from a comparison of the XRES received from the HSS 860 withthe RES generated by the communication device whether the particulardevice is the original device or the new device since different RESswill be generated based on different encryption keys (LTE K) stored atdifferent UICCs. In this example, since the identity proxy function 850requested the authentication vectors, the HSS 860 will provide them backto the identity proxy function via interface 855 rather than providingthem to the MME 840.

In one embodiment, rather than utilizing the interface 855, system 800can utilize first and second identity proxy functions 850 that arepositioned between the communication device 810 and the MME 840 andpositioned between the MME 840 and the HSS 260 (shown in dashed lines inFIG. 8 ), respectively. The first and second identity proxy functions850 can communicate with each other, such as to bypass the MME 840 whenthe identity proxy functions 850 are simulating a registration processof the MME 840 and forcing the communication device 810 to generate aRES. In one embodiment, once the identity proxy function 850 hasdetermined the identity of the device (original device vs. new device),the identity proxy function 850 can require that the communicationdevice 810 perform a re-registration.

In one or more embodiments, system 800 enables receiving, by theidentity proxy function 850, a registration request associated with thecommunication device 810 where the registration request includes an IMSIof the communication device. System 800 enables accessing, by theidentity proxy function 850, information that identifies a group ofIMSIs and that indicates a subset of the group of IMSIs that have beenreassigned to other communication devices. Responsive to a firstdetermination that the IMSI is not included in the group of IMSIs or asecond determination that the IMSI is included in the subset of thegroup of IMSIs, system 800 enables providing, by the identity proxyfunction 850, the registration request to a registration function (e.g.,the MME 840 and/or the HSS 860) for completing a registration processfor the communication device which allows for communication services atthe communication device. In one embodiment, system 800 enablesreceiving, by the identity proxy function 850, device identificationdata for the communication device 810. A third determination can then beperformed as to whether the communication device 810 is one of the othercommunication devices that has received a reassignment of one of thesubset of the group of international mobile subscriber identities, wherethe third determination is based on the device identification data, andwhere the providing the registration request to the registrationfunction for completing the registration process is according to thethird determination. In one embodiment, the device identification datacomprises an IMEI. In one embodiment, the IMEI is obtained from thecommunication device 810. In one embodiment responsive to a thirddetermination that the IMSI is included in the subset of the group ofIMSIs and that the communication device 810 is not one of the othercommunication devices that has received a reassignment of one of thesubset of the group of IMSIs, system 800 enables providing, via theidentity provisioning function 899, the communication device withprovisioning information. The provisioning information causes one ofdisabling use of the IMSI by the communication device, reassignment ofanother IMSI from the group of IMSIs that is not included in the subsetof the group of IMSIs, or a combination thereof. In one embodiment, thesystem 800 enables receiving, by the identity proxy function 850, anIMEI from the communication device 810, wherein the third determinationis based on the IMEI. In one embodiment responsive to a thirddetermination that the communication device 810 is eligible for service,that the IMSI is included in the group of IMSIs, and that the IMSI isnot included in the subset of the group of IMSIs, the system 800 enablesremoval of the IMSI from the group of IMSIs and further enablesproviding, by the identity proxy function 850, the registration requestto the registration function for completing the registration process forthe communication device. In one embodiment, system 800 enablesdetermining a functionality of a universal integrated circuit card ofthe communication device 810 that stores the IMSI, where the removal ofthe IMSI from the group of IMSIs and the providing the registrationrequest to the registration function are based on a fourth determinationthat the functionality of the universal integrated circuit card iscompatible with the communication services associated with thecommunication device. In one embodiment, the identity proxy function 850is a stand-alone server located between the eNB 825 and the MME 840, andthe registration function is performed by the MME 840 utilizing servicesof the HSS 860. In one embodiment, the provisioning information can beprovided to the communication device by the identity provisioningfunction via an OTA interface, where the OTA instructions go through theidentity proxy function 850.

In one embodiment, the system 800 enables receiving, by the identityproxy function 850, a signed response message generated by thecommunication device 810 based on a random challenge; and performing, bythe identity proxy function, a third determination that thecommunication device is one of the other communication devices that hasreceived a reassignment of one of the subset of the group of IMSIs,where the third determination is based on the signed response message,and where the providing the registration request to the registrationfunction for completing the registration process is according to thethird determination. In one embodiment, the system 800 enablesproviding, by the identity proxy function 850, the random challenge tothe communication device 810.

FIG. 9 depicts an illustrative embodiment of a communication device 900.Communication device 900 can serve in whole or in part as anillustrative embodiment of the devices depicted in FIGS. 2-6 and 8 andcan be configured to perform portions of method 700 of FIG. 7 . Wherecommunication device 900 is an end user device, it can include a UICC975 that stores or otherwise manages use of an IMSI for registering thecommunication device. In one embodiment, the communication device 900can be an end user device that performs operations including: providinga registration request that is received by an identity proxy functionoperating in a server, where the registration request includes a firstIMSI of the communication device; responsive to a determination that thefirst IMSI has been reassigned to another communication device and thatthe communication device 900 is not the other communication device,receiving provisioning information that includes a second IMSI; andfacilitating a registration process that utilizes the second IMSI andthat enables communication services at the communication device. In oneembodiment, the provisioning information includes disabling informationthat disables use of the first IMSI by the communication device 900,where the registration process utilizes a secret key that was previouslyassociated with the first IMSI prior to the first IMSI being reassignedto the other communication device, and where the receiving of theprovisioning information is responsive to determining that thecommunication device is eligible for the communication services.

In another embodiment, the communication device 900 can be a networkdevice (e.g., a network server executing the identity proxy function250, 850 and/or the identity provisioning function 350, 899) thatperforms operations including: receiving an IMSI of a communicationdevice; accessing information that identifies a group of IMSIs and thatindicates a subset of the group of IMSIs that have been reassigned toother communication devices; and, responsive to a first determinationthat the IMSI is included in the subset of the group of IMSIs and thatthe communication device is not one of the other communication devicesthat has received a reassignment of one of the subset of the group ofIMSIs, providing the communication device with provisioning informationthat disables use of the IMSI by the communication device. In oneembodiment, the communication device 900 can, responsive to determiningthat use of the IMSI by the communication device has been nullified,provide a notification to or otherwise perform a removal of the IMSIfrom the group of IMSIs. In one embodiment, the communication device 900can, receive an IMEI from the communication device, where the firstdetermination is based on the IMEI. In one embodiment, the communicationdevice 900 can, perform a second determination that the communicationdevice is not service eligible, where the providing the communicationdevice with the provisioning information is responsive to the seconddetermination. In one embodiment, the communication device 900 can,responsive to a second determination that the IMSI is included in thesubset of the group of IMSIs and that the communication device is one ofthe other communication devices that has received a reassignment of oneof the subset of the group of IMSIs, providing a registration request toa registration function for completing a registration process for thecommunication device that enables communication services at thecommunication device. In one embodiment, the provisioning informationenables reassignment of another IMSI from the group of IMSIs that is notincluded in the subset of the group of IMSIs, and where thecommunication device 900 can provide a registration request to aregistration function for completing a registration process for thecommunication device utilizing the other IMSI. In one embodiment, theregistration process for the communication device utilizing the otherIMSI is further based on a secret key that was previously associatedwith the IMSI prior to the reassignment of the other IMSI to thecommunication device.

Communication device 900 can include more or less than the componentsdescribed herein. For example, communication device 900 can comprise awireline and/or wireless transceiver 902 (herein transceiver 902), auser interface (UI) 904, a power supply 914, a location receiver 916, amotion sensor 918, an orientation sensor 920, and a controller 906 formanaging operations thereof. The transceiver 902 can support short-rangeor long-range wireless access technologies such as Bluetooth®, ZigBee®,WiFi, DECT, or cellular communication technologies, just to mention afew (Bluetooth® and ZigBee® are trademarks registered by the Bluetooth®Special Interest Group and the ZigBee® Alliance, respectively). Cellulartechnologies can include, for example, CDMA-1X, UMTS/HSDPA, GSM/GPRS,TDMA/EDGE, EV/DO, WiMAX, SDR, LTE, as well as other next generationwireless communication technologies as they arise. The transceiver 902can also be adapted to support circuit-switched wireline accesstechnologies (such as PSTN), packet-switched wireline accesstechnologies (such as TCP/IP, VoIP, etc.), and combinations thereof.

The UI 904 can include a depressible or touch-sensitive keypad 908 witha navigation mechanism such as a roller ball, a joystick, a mouse, or anavigation disk for manipulating operations of the communication device900. The keypad 908 can be an integral part of a housing assembly of thecommunication device 900 or an independent device operably coupledthereto by a tethered wireline interface (such as a USB cable) or awireless interface supporting for example Bluetooth®. The keypad 908 canrepresent a numeric keypad commonly used by phones, and/or a QWERTYkeypad with alphanumeric keys. The UI 904 can further include a display910 such as monochrome or color LCD (Liquid Crystal Display), OLED(Organic Light Emitting Diode) or other suitable display technology forconveying images to an end user of the communication device 900. In anembodiment where the display 910 is touch-sensitive, a portion or all ofthe keypad 908 can be presented by way of the display 910 withnavigation features.

The display 910 can use touch screen technology to also serve as a userinterface for detecting user input. As a touch screen display, thecommunication device 900 can be adapted to present a user interface withgraphical user interface (GUI) elements that can be selected by a userwith a touch of a finger. The touch screen display 910 can be equippedwith capacitive, resistive or other forms of sensing technology todetect how much surface area of a user's finger has been placed on aportion of the touch screen display. This sensing information can beused to control the manipulation of the GUI elements or other functionsof the user interface. The display 910 can be an integral part of thehousing assembly of the communication device 900 or an independentdevice communicatively coupled thereto by a tethered wireline interface(such as a cable) or a wireless interface.

The UI 904 can also include an audio system 912 that utilizes audiotechnology for conveying low volume audio (such as audio heard inproximity of a human ear) and high volume audio (such as speakerphonefor hands free operation). The audio system 912 can further include amicrophone for receiving audible signals of an end user. The audiosystem 912 can also be used for voice recognition applications. The UI904 can further include an image sensor 913 such as a charged coupleddevice (CCD) camera for capturing still or moving images.

The power supply 914 can utilize common power management technologiessuch as replaceable and rechargeable batteries, supply regulationtechnologies, and/or charging system technologies for supplying energyto the components of the communication device 900 to facilitatelong-range or short-range portable applications. Alternatively, or incombination, the charging system can utilize external power sources suchas DC power supplied over a physical interface such as a USB port orother suitable tethering technologies.

The location receiver 916 can utilize location technology such as aglobal positioning system (GPS) receiver capable of assisted GPS foridentifying a location of the communication device 900 based on signalsgenerated by a constellation of GPS satellites, which can be used forfacilitating location services such as navigation. The motion sensor 918can utilize motion sensing technology such as an accelerometer, agyroscope, or other suitable motion sensing technology to detect motionof the communication device 900 in three-dimensional space. Theorientation sensor 920 can utilize orientation sensing technology suchas a magnetometer to detect the orientation of the communication device900 (north, south, west, and east, as well as combined orientations indegrees, minutes, or other suitable orientation metrics).

The communication device 900 can use the transceiver 902 to alsodetermine a proximity to a cellular, WiFi, Bluetooth®, or other wirelessaccess points by sensing techniques such as utilizing a received signalstrength indicator (RSSI) and/or signal time of arrival (TOA) or time offlight (TOF) measurements. The controller 906 can utilize computingtechnologies such as a microprocessor, a digital signal processor (DSP),programmable gate arrays, application specific integrated circuits,and/or a video processor with associated storage memory such as Flash,ROM, RAM, SRAM, DRAM or other storage technologies for executingcomputer instructions, controlling, and processing data supplied by theaforementioned components of the communication device 900.

Other components not shown in FIG. 9 can be used in one or moreembodiments of the subject disclosure. For instance, the communicationdevice 900 can include a reset button (not shown). The reset button canbe used to reset the controller 906 of the communication device 900. Inyet another embodiment, the communication device 900 can also include afactory default setting button positioned, for example, below a smallhole in a housing assembly of the communication device 900 to force thecommunication device 900 to re-establish factory settings. In thisembodiment, a user can use a protruding object such as a pen or paperclip tip to reach into the hole and depress the default setting button.The communication device 900 can also include a slot for adding orremoving the UICC 975 (where it is not an embedded UICC). The UICC 975can be various types of UICCs and can be a Subscriber Identity Module(SIM) card. The UICC 975 can be used for identifying subscriberservices, executing programs, storing subscriber data, and so forth.

The communication device 900 as described herein can operate with moreor less of the circuit components shown in FIG. 9 . These variantembodiments can be used in one or more embodiments of the subjectdisclosure.

The communication device 900 can be adapted to perform the functions ofthe devices of FIGS. 2-6 and 8 including communication devices 210, 410,810, as well as the identity proxy functions 250, 850, the identityprovisioning functions 350, 899 and other network components describedherein. It will be appreciated that the communication device 900 canalso represent other devices that can operate in systems 200 and 800. Inaddition, the controller 906 can be adapted in various embodiments toperform the functions 462 which enables management of the re-use ofIMSIs.

Upon reviewing the aforementioned embodiments, it would be evident to anartisan with ordinary skill in the art that said embodiments can bemodified, reduced, or enhanced without departing from the scope of theclaims described below. For example, other factors can be utilized todetermine whether an original device should receive an IMSI from thedesignated group of IMSIs (which has not yet been reassigned) or whetherthe original device should continue to utilize the original IMSI. Forinstance, even though the original IMSI may not yet have beenreassigned, the service provider may desire to reassign another IMSI(from the designated IMSI to be reassigned) such as to facilitatecategorizing devices and/or subscribers based on particular groupings ofIMSIs.

The exemplary embodiments have been described with respect to GSM andLTE networks 200, 800, respectively. However, the exemplary embodimentscan be utilized for managing use of IMSIs in various types of networks.For example in a Universal Mobile Telecommunications System (UMTS)network, IMSI management can be performed as described in the exemplaryembodiments by intercepting a registration request utilizing an identityproxy function (e.g., positioned between the BSS and the Serving GPRSSupport Node (SGSN)). In another example in a General Packet RadioService (GPRS) network, IMSI management can be performed as described inthe exemplary embodiments by intercepting a registration requestutilizing an identity proxy function.

In one or more embodiments, other steps or procedures can be implementedwhen an original device that has been flagged as inactive attempts toregister with the network. For example, when an original device whoseoriginal IMSI has been re-assigned to another device is detected duringa registration request, the network can limit interaction of theoriginal device with the network. For instance, the UICC of the originaldevice can be forced to use a default IMSI which has limitedfunctionality such as being limited to bootstrap functions (e.g.,functions that enable communicating with the network for administrativereasons including obtaining a reassigned IMSI), a pay for service mode,and so forth. For instance, a pay for service mode can be implemented bythe default IMSI by allowing registration that enables access to awebpage for selecting and paying for particular communication services,such as messaging, voice calls, and so forth. In one embodiment, thedefault IMSI can be stored by the UICC in addition to the original IMSI.In one embodiment, the provisioning information provided to the UICC cancause the UICC to utilize the default IMSI instead of the original IMSI.In another embodiment, the identity provisioning function 350, 899 canprovision the default IMSI to the original device rather thanprovisioning an IMSI from the designated group of IMSIs.

In one or more embodiments, the intercepting of the IMSI and determiningwhether to allow registration to continue by the identity proxy function250, 850 prevents a failure or other error message from being generatedand/or from being provided to the communication device which could haveadverse effects on the communication device such as disabling OTAinterface of the communication device.

In one or more embodiments, the identity proxy function 250, 850 cancache or otherwise store last successful registration processes forparticular devices to utilize that information for determining whether adevice requesting registration is an original device or a new devicewith a reassigned IMSI. In one embodiment, the device identificationinformation (e.g., an IMEI) can be sourced by one or more other networkelements.

Other embodiments can be used in the subject disclosure.

It should be understood that devices described in the exemplaryembodiments can be in communication with each other via various wirelessand/or wired methodologies. The methodologies can be links that aredescribed as coupled, connected and so forth, which can includeunidirectional and/or bidirectional communication over wireless pathsand/or wired paths that utilize one or more of various protocols ormethodologies, where the coupling and/or connection can be direct (e.g.,no intervening processing device) and/or indirect (e.g., an intermediaryprocessing device such as a router).

FIG. 10 depicts an exemplary diagrammatic representation of a machine inthe form of a computer system 1000 within which a set of instructions,when executed, may cause the machine to perform any one or more of themethods described above. One or more instances of the machine canoperate, for example, as the identity proxy functions 250, 850 and/orthe identity provisioning functions for intercepting IMSIs, determiningidentities of devices, and/or managing the reuse of the IMSIs. In someembodiments, the machine may be connected (e.g., using a network 1026)to other machines. In a networked deployment, the machine may operate inthe capacity of a server or a client user machine in a server-clientuser network environment, or as a peer machine in a peer-to-peer (ordistributed) network environment.

The machine may comprise a server computer, a client user computer, apersonal computer (PC), a tablet, a smart phone, a laptop computer, adesktop computer, a control system, a network router, switch or bridge,or any machine capable of executing a set of instructions (sequential orotherwise) that specify actions to be taken by that machine. It will beunderstood that a communication device of the subject disclosureincludes broadly any electronic device that provides voice, video ordata communication. Further, while a single machine is illustrated, theterm “machine” shall also be taken to include any collection of machinesthat individually or jointly execute a set (or multiple sets) ofinstructions to perform any one or more of the methods discussed herein.

The computer system 1000 may include a processor (or controller) 1002(e.g., a central processing unit (CPU)), a graphics processing unit(GPU, or both), a main memory 1004 and a static memory 1006, whichcommunicate with each other via a bus 1008. The computer system 1000 mayfurther include a display unit 1010 (e.g., a liquid crystal display(LCD), a flat panel, or a solid state display). The computer system 1000may include an input device 1012 (e.g., a keyboard), a cursor controldevice 1014 (e.g., a mouse), a disk drive unit 1016, a signal generationdevice 1018 (e.g., a speaker or remote control) and a network interfacedevice 1020. In distributed environments, the embodiments described inthe subject disclosure can be adapted to utilize multiple display units1010 controlled by two or more computer systems 1000. In thisconfiguration, presentations described by the subject disclosure may inpart be shown in a first of the display units 1010, while the remainingportion is presented in a second of the display units 1010.

The disk drive unit 1016 may include a tangible computer-readablestorage medium 1022 on which is stored one or more sets of instructions(e.g., software 1024) embodying any one or more of the methods orfunctions described herein, including those methods illustrated above.The instructions 1024 may also reside, completely or at least partially,within the main memory 1004, the static memory 1006, and/or within theprocessor 1002 during execution thereof by the computer system 1000. Themain memory 1004 and the processor 1002 also may constitute tangiblecomputer-readable storage media.

Dedicated hardware implementations including, but not limited to,application specific integrated circuits, programmable logic arrays andother hardware devices can likewise be constructed to implement themethods described herein. Application specific integrated circuits andprogrammable logic array can use downloadable instructions for executingstate machines and/or circuit configurations to implement embodiments ofthe subject disclosure. Applications that may include the apparatus andsystems of various embodiments broadly include a variety of electronicand computer systems. Some embodiments implement functions in two ormore specific interconnected hardware modules or devices with relatedcontrol and data signals communicated between and through the modules,or as portions of an application-specific integrated circuit. Thus, theexample system is applicable to software, firmware, and hardwareimplementations.

In accordance with various embodiments of the subject disclosure, theoperations or methods described herein are intended for operation assoftware programs or instructions running on or executed by a computerprocessor or other computing device, and which may include other formsof instructions manifested as a state machine implemented with logiccomponents in an application specific integrated circuit or fieldprogrammable gate array. Furthermore, software implementations (e.g.,software programs, instructions, etc.) including, but not limited to,distributed processing or component/object distributed processing,parallel processing, or virtual machine processing can also beconstructed to implement the methods described herein. Distributedprocessing environments can include multiple processors in a singlemachine, single processors in multiple machines, and/or multipleprocessors in multiple machines. It is further noted that a computingdevice such as a processor, a controller, a state machine or othersuitable device for executing instructions to perform operations ormethods may perform such operations directly or indirectly by way of oneor more intermediate devices directed by the computing device.

While the tangible computer-readable storage medium 1022 is shown in anexample embodiment to be a single medium, the term “tangiblecomputer-readable storage medium” should be taken to include a singlemedium or multiple media (e.g., a centralized or distributed database,and/or associated caches and servers) that store the one or more sets ofinstructions. The term “tangible computer-readable storage medium” shallalso be taken to include any non-transitory medium that is capable ofstoring or encoding a set of instructions for execution by the machineand that cause the machine to perform any one or more of the methods ofthe subject disclosure. The term “non-transitory” as in a non-transitorycomputer-readable storage includes without limitation memories, drives,devices and anything tangible but not a signal per se.

The term “tangible computer-readable storage medium” shall accordinglybe taken to include, but not be limited to: solid-state memories such asa memory card or other package that houses one or more read-only(non-volatile) memories, random access memories, or other re-writable(volatile) memories, a magneto-optical or optical medium such as a diskor tape, or other tangible media which can be used to store information.Accordingly, the disclosure is considered to include any one or more ofa tangible computer-readable storage medium, as listed herein andincluding art-recognized equivalents and successor media, in which thesoftware implementations herein are stored.

Although the present specification describes components and functionsimplemented in the embodiments with reference to particular standardsand protocols, the disclosure is not limited to such standards andprotocols. Each of the standards for Internet and other packet switchednetwork transmission (e.g., TCP/IP, UDP/IP, HTML, HTTP) representexamples of the state of the art. Such standards are from time-to-timesuperseded by faster or more efficient equivalents having essentiallythe same functions. Wireless standards for device detection (e.g.,RFID), short-range communications (e.g., Bluetooth®, WiFi, Zigbee®), andlong-range communications (e.g., WiMAX, GSM, CDMA, LTE) can be used bycomputer system 1000. In one or more embodiments, information regardinguse of services can be generated including services being accessed,media consumption history, user preferences, and so forth. Thisinformation can be obtained by various methods including user input,detecting types of communications (e.g., video content vs. audiocontent), analysis of content streams, and so forth. The generating,obtaining and/or monitoring of this information can be responsive to anauthorization provided by the user. In one or more embodiments, ananalysis of data can be subject to authorization from user(s) associatedwith the data, such as an opt-in, an opt-out, acknowledgementrequirements, notifications, selective authorization based on types ofdata, and so forth.

The illustrations of embodiments described herein are intended toprovide a general understanding of the structure of various embodiments,and they are not intended to serve as a complete description of all theelements and features of apparatus and systems that might make use ofthe structures described herein. Many other embodiments will be apparentto those of skill in the art upon reviewing the above description. Theexemplary embodiments can include combinations of features and/or stepsfrom multiple embodiments. Other embodiments may be utilized and derivedtherefrom, such that structural and logical substitutions and changesmay be made without departing from the scope of this disclosure. Figuresare also merely representational and may not be drawn to scale. Certainproportions thereof may be exaggerated, while others may be minimized.Accordingly, the specification and drawings are to be regarded in anillustrative rather than a restrictive sense.

Although specific embodiments have been illustrated and describedherein, it should be appreciated that any arrangement which achieves thesame or similar purpose may be substituted for the embodiments describedor shown by the subject disclosure. The subject disclosure is intendedto cover any and all adaptations or variations of various embodiments.Combinations of the above embodiments, and other embodiments notspecifically described herein, can be used in the subject disclosure.For instance, one or more features from one or more embodiments can becombined with one or more features of one or more other embodiments. Inone or more embodiments, features that are positively recited can alsobe negatively recited and excluded from the embodiment with or withoutreplacement by another structural and/or functional feature. The stepsor functions described with respect to the embodiments of the subjectdisclosure can be performed in any order. The steps or functionsdescribed with respect to the embodiments of the subject disclosure canbe performed alone or in combination with other steps or functions ofthe subject disclosure, as well as from other embodiments or from othersteps that have not been described in the subject disclosure. Further,more than or less than all of the features described with respect to anembodiment can also be utilized.

Less than all of the steps or functions described with respect to theexemplary processes or methods can also be performed in one or more ofthe exemplary embodiments. Further, the use of numerical terms todescribe a device, component, step or function, such as first, second,third, and so forth, is not intended to describe an order or functionunless expressly stated so. The use of the terms first, second, thirdand so forth, is generally to distinguish between devices, components,steps or functions unless expressly stated otherwise. Additionally, oneor more devices or components described with respect to the exemplaryembodiments can facilitate one or more functions, where the facilitating(e.g., facilitating access or facilitating establishing a connection)can include less than every step needed to perform the function or caninclude all of the steps needed to perform the function.

In one or more embodiments, a processor (which can include a controlleror circuit) has been described that performs various functions. Itshould be understood that the processor can be multiple processors,which can include distributed processors or parallel processors in asingle machine or multiple machines. The processor can be used insupporting a virtual processing environment. The virtual processingenvironment may support one or more virtual machines representingcomputers, servers, or other computing devices. In such virtualmachines, components such as microprocessors and storage devices may bevirtualized or logically represented. The processor can include a statemachine, application specific integrated circuit, and/or programmablegate array including a Field PGA. In one or more embodiments, when aprocessor executes instructions to perform “operations”, this caninclude the processor performing the operations directly and/orfacilitating, directing, or cooperating with another device or componentto perform the operations.

The Abstract of the Disclosure is provided with the understanding thatit will not be used to interpret or limit the scope or meaning of theclaims. In addition, in the foregoing Detailed Description, it can beseen that various features are grouped together in a single embodimentfor the purpose of streamlining the disclosure. This method ofdisclosure is not to be interpreted as reflecting an intention that theclaimed embodiments require more features than are expressly recited ineach claim. Rather, as the following claims reflect, inventive subjectmatter lies in less than all features of a single disclosed embodiment.Thus the following claims are hereby incorporated into the DetailedDescription, with each claim standing on its own as a separately claimedsubject matter.

What is claimed is:
 1. A method comprising: receiving, by a processingsystem including a processor, a first registration request associatedwith a first communication device, wherein an international mobilesubscriber identity is associated with the first communication device;and responsive to the receiving the first registration request:identifying, by the processing system, the first communication devicegenerating the first registration request according to a secret keyutilized by the first communication device to generate firstauthentication information associated with the first communicationdevice; determining, by the processing system, whether the internationalmobile subscriber identity has been reassigned to the firstcommunication device according to the first authentication informationassociated with the first communication device; and providing, by theprocessing system, a second registration request to a registrationfunction to complete a registration process for the first communicationdevice responsive to a determination that the international mobilesubscriber identity has been reassigned to the first communicationdevice.
 2. The method of claim 1, further comprising receiving, by theprocessing system, first authentication information associated with thefirst communication device from a home location register.
 3. The methodof claim 2, further comprising transmitting, by the processing system,to a home location register, an authentication request associated withthe first communication device.
 4. The method of claim 3, wherein thetransmitting of the authentication request to the home location registersimulates a registration process.
 5. The method of claim 3, wherein thetransmitting of the authentication request to the home location registercauses the first communication device to provide the firstauthentication information to an authentication center.
 6. The method ofclaim 5, wherein the home location register receives the firstauthentication information from the authentication center.
 7. The methodof claim 1, wherein the providing the second registration request to theregistration function to complete the registration process for the firstcommunication device is further responsive to a determination that theinternational mobile subscriber identity is included in a subset of agroup of designated international mobile subscriber identities.
 8. Themethod of claim 7, further comprising determining, by the processingsystem, whether the international mobile subscriber identity is includedin a subset of a group of designated international mobile subscriberidentities.
 9. The method of claim 7, wherein the designatedinternational mobile subscriber identities in the subset have beenreassigned from communication devices.
 10. The method of claim 7,further comprising accessing, by the processing system, information thatidentifies the group of the designated international mobile subscriberidentities and the subset of the group of the designated internationalmobile subscriber identities.
 11. The method of claim 1, wherein theproviding the second registration request to the registration functionto complete the registration process for the first communication deviceis further responsive to a determination that the international mobilesubscriber identity is not included in a group of designatedinternational mobile subscriber identities.
 12. A communication device,comprising: a processing system including a processor; and a memory thatstores executable instructions that, when executed by the processingsystem, facilitate performance of operations, comprising: transmitting aregistration request including an international mobile subscriberidentity of the communication device; responsive to a determination thatthe international mobile subscriber identity has not been reassigned tothe communication device, receiving provisioning information toreassign, to the communication device, a second international mobilesubscriber identity from a group of designated international mobilesubscriber identities; and facilitating a registration process thatutilizes the second international mobile subscriber identity and thatenables communication services at the communication device.
 13. Thecommunication device of claim 12, wherein the determination is based onfirst authentication information associated with the communicationdevice.
 14. The communication device of claim 13, wherein the firstauthentication information is provided by a home location register inresponse to an authentication request.
 15. The communication device ofclaim 12, wherein the operations further comprise receiving, via anidentity provisioning function, provisioning information for disablinguse of the international mobile subscriber identity by the communicationdevice.
 16. The communication device of claim 12, wherein theregistration request is received by an identity proxy function operatingin a server, wherein the identity proxy function is located between aneNodeB and a mobility management entity.
 17. A non-transitorymachine-readable storage medium, comprising executable instructionsthat, when executed by a processing system of a communication devicethat includes a processor, facilitate performance of operations,comprising: receiving, from a home location register, firstauthentication information associated with a first communication device;determining whether an international mobile subscriber identity has beenreassigned to the first communication device according to the firstauthentication information associated with the first communicationdevice; and providing a first registration request to a registrationfunction to complete a registration process for the first communicationdevice responsive to a determination that the international mobilesubscriber identity has been reassigned to the first communicationdevice.
 18. The non-transitory machine-readable storage medium of claim17, wherein the operations further comprise transmitting, to the homelocation register, an authentication request associated with the firstcommunication device.
 19. The non-transitory machine-readable storagemedium of claim 18, wherein the transmitting of the authenticationrequest is responsive to receiving a second registration request. 20.The non-transitory machine-readable storage medium of claim 18, whereinthe transmitting of the authentication request to the home locationregister causes the first communication device to provide the firstauthentication information to an authentication center, and wherein thehome location register receives the first authentication informationfrom the authentication center.